@studiometa/productive-mcp 0.10.15 → 0.10.16

package/dist/handlers/run-endpoint.d.ts

@@ -0,0 +1,27 @@
+/**
+ * `/run` HTTP endpoint — the runner side of remote `run_script` execution.
+ *
+ * A front server (with `PRODUCTIVE_MCP_RUN_RUNNER_URL` set) POSTs a stateless
+ * payload here; this endpoint authenticates the hop with a shared token and
+ * runs the script through the normal `run_script` pipeline (so the runner
+ * enforces its own `PRODUCTIVE_MCP_ENABLE_RUN` and limits). The result is the
+ * exact `ToolResult` the front relays back to the client.
+ *
+ * The endpoint only exists when `PRODUCTIVE_MCP_RUN_RUNNER_TOKEN` is set —
+ * otherwise it reports as not found, so a normal deployment never exposes it.
+ */
+import type { ProductiveCredentials } from '../auth.js';
+import type { ToolResult } from './types.js';
+/** Executor signature (executeToolWithCredentials), injected for testability. */
+export type RunEndpointExecutor = (name: string, args: Record<string, unknown>, credentials: ProductiveCredentials) => Promise<ToolResult>;
+export interface RunEndpointResult {
+    status: number;
+    body: unknown;
+}
+/**
+ * Core logic for the `/run` endpoint, decoupled from the HTTP framework.
+ *
+ * @returns the HTTP status and JSON body to send back.
+ */
+export declare function executeRunRequest(rawBody: unknown, authHeader: string | null | undefined, exec: RunEndpointExecutor, env?: NodeJS.ProcessEnv): Promise<RunEndpointResult>;
+//# sourceMappingURL=run-endpoint.d.ts.map

package/dist/handlers/run-endpoint.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"run-endpoint.d.ts","sourceRoot":"","sources":["../../src/handlers/run-endpoint.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACxD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAI7C,iFAAiF;AACjF,MAAM,MAAM,mBAAmB,GAAG,CAChC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,WAAW,EAAE,qBAAqB,KAC/B,OAAO,CAAC,UAAU,CAAC,CAAC;AAEzB,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,OAAO,CAAC;CACf;AAoBD;;;;GAIG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EACrC,IAAI,EAAE,mBAAmB,EACzB,GAAG,GAAE,MAAM,CAAC,UAAwB,GACnC,OAAO,CAAC,iBAAiB,CAAC,CAyC5B"}

package/dist/handlers/run.d.ts

@@ -17,8 +17,12 @@ export interface RunScriptArgs {
     flags?: unknown;
     dry_run?: unknown;
 }
+/** Optional injected dependencies (for testing the remote path). */
+export interface RunScriptDeps {
+    fetch?: typeof fetch;
+}
 /**
  * Execute the `run_script` tool.
  */
-export declare function handleRunScript(rawArgs: RunScriptArgs, credentials: ProductiveCredentials, exec: ToolExecutor, env?: NodeJS.ProcessEnv): Promise<ToolResult>;
+export declare function handleRunScript(rawArgs: RunScriptArgs, credentials: ProductiveCredentials, exec: ToolExecutor, env?: NodeJS.ProcessEnv, deps?: RunScriptDeps): Promise<ToolResult>;
 //# sourceMappingURL=run.d.ts.map

package/dist/handlers/run.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"run.d.ts","sourceRoot":"","sources":["../../src/handlers/run.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACxD,OAAO,KAAK,EAAiB,YAAY,EAAE,MAAM,kBAAkB,CAAC;AACpE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAU7C,MAAM,WAAW,aAAa;IAC5B,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAgBD;;GAEG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,aAAa,EACtB,WAAW,EAAE,qBAAqB,EAClC,IAAI,EAAE,YAAY,EAClB,GAAG,GAAE,MAAM,CAAC,UAAwB,GACnC,OAAO,CAAC,UAAU,CAAC,CAsErB"}
+{"version":3,"file":"run.d.ts","sourceRoot":"","sources":["../../src/handlers/run.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACxD,OAAO,KAAK,EAAiB,YAAY,EAAE,MAAM,kBAAkB,CAAC;AACpE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAW7C,MAAM,WAAW,aAAa;IAC5B,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,oEAAoE;AACpE,MAAM,WAAW,aAAa;IAC5B,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;CACtB;AAgBD;;GAEG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,aAAa,EACtB,WAAW,EAAE,qBAAqB,EAClC,IAAI,EAAE,YAAY,EAClB,GAAG,GAAE,MAAM,CAAC,UAAwB,EACpC,IAAI,GAAE,aAAkB,GACvB,OAAO,CAAC,UAAU,CAAC,CA0FrB"}

package/dist/{handlers-BEeOjytC.js → handlers-Ca2x4dM8.js}

@@ -2,6 +2,7 @@ import { ProductiveApi, formatActivity, formatAttachment, formatBooking, formatC
 import { ACTIONS, REPORT_TYPES, RESOURCES, ResolveError, VALID_REPORT_TYPES, completeTask, createBooking, createComment, createCompany, createDeal, createDiscussion, createPage, createTask, createTimeEntry, deleteAttachment, deleteDiscussion, deletePage, deleteTimeEntry, fromHandlerContext, getAttachment, getBooking, getComment, getCompany, getCustomField, getDeal, getDealContext, getDiscussion, getMyDaySummary, getPage, getPerson, getProject, getProjectContext, getProjectHealthSummary, getReport, getService, getTask, getTaskContext, getTeamPulseSummary, getTimeEntry, getTimer, listActivities, listAttachments, listBookings, listComments, listCompanies, listCustomFields, listDeals, listDiscussions, listPages, listPeople, listProjects, listServices, listTasks, listTimeEntries, listTimers, logDay, readApi, reopenDiscussion, resolveDiscussion, resolveResource, startTimer, stopTimer, updateBooking, updateComment, updateCompany, updateDeal, updateDiscussion, updatePage, updateTask, updateTimeEntry, weeklyStandup, writeApi } from "@studiometa/productive-core";
 import variant from "@jitl/quickjs-singlefile-cjs-release-sync";
 import { newQuickJSWASMModuleFromVariant } from "quickjs-emscripten-core";
+import { timingSafeEqual } from "node:crypto";
 import { stripTypeScriptTypes } from "node:module";
 //#region src/errors.ts
 /**
@@ -41296,6 +41297,72 @@ function resolveRunLimits(env = process.env) {
 	};
 }
 //#endregion
+//#region src/run/remote.ts
+/**
+* Remote execution for `run_script`.
+*
+* When `PRODUCTIVE_MCP_RUN_RUNNER_URL` is set, the front server forwards a
+* `run_script` call to a separate runner over a single stateless HTTP POST,
+* instead of executing the QuickJS sandbox in-process. This keeps the front
+* small and isolates a script's memory/CPU (and any OOM) on the runner.
+*
+* The contract is deliberately infrastructure-agnostic — any service that
+* accepts the payload and returns a `ToolResult` works (a Fly machine pool, a
+* load balancer in front of several runners, a serverless function, …). It is
+* stateless (everything needed is in the body) and must NOT be retried at the
+* proxy layer, since a non-dry-run script may mutate.
+*/
+var DEFAULT_RUNNER_TIMEOUT_MS = 3e4;
+/** Resolve runner configuration from the environment. */
+function resolveRunnerConfig(env = process.env) {
+	const raw = env.PRODUCTIVE_MCP_RUN_RUNNER_TIMEOUT_MS;
+	const parsed = raw === void 0 ? NaN : Number(raw);
+	const timeoutMs = Number.isInteger(parsed) && parsed > 0 ? parsed : DEFAULT_RUNNER_TIMEOUT_MS;
+	return {
+		url: env.PRODUCTIVE_MCP_RUN_RUNNER_URL || void 0,
+		token: env.PRODUCTIVE_MCP_RUN_RUNNER_TOKEN || void 0,
+		timeoutMs
+	};
+}
+/** Constant-time comparison of a provided runner token against the expected one. */
+function runnerTokenMatches(provided, expected) {
+	if (!expected || !provided) return false;
+	const a = Buffer.from(provided);
+	const b = Buffer.from(expected);
+	if (a.length !== b.length) return false;
+	return timingSafeEqual(a, b);
+}
+/**
+* Forward a run_script call to the remote runner. Never throws: any transport
+* or runner error is mapped to an error `ToolResult`.
+*/
+async function runScriptRemote(payload, config, fetchImpl = fetch) {
+	if (!config.url) return errorResult("Remote runner URL is not configured.");
+	const controller = new AbortController();
+	const timer = setTimeout(() => controller.abort(), config.timeoutMs);
+	try {
+		const response = await fetchImpl(config.url, {
+			method: "POST",
+			headers: {
+				"content-type": "application/json",
+				...config.token ? { authorization: `Bearer ${config.token}` } : {}
+			},
+			body: JSON.stringify(payload),
+			signal: controller.signal
+		});
+		if (!response.ok) {
+			const detail = await response.text().catch(() => "");
+			return errorResult(`Remote runner returned ${response.status}${detail ? `: ${detail.slice(0, 500)}` : ""}`);
+		}
+		return await response.json();
+	} catch (error) {
+		if (error instanceof Error && error.name === "AbortError") return errorResult(`Remote runner timed out after ${config.timeoutMs}ms.`);
+		return errorResult(`Remote runner request failed: ${error instanceof Error ? error.message : String(error)}`);
+	} finally {
+		clearTimeout(timer);
+	}
+}
+//#endregion
 //#region src/run/render.ts
 /** Labels for log-style output entries. */
 var LOG_LABELS = {
@@ -41410,13 +41477,21 @@ function normalizeFlags(value) {
 /**
 * Execute the `run_script` tool.
 */
-async function handleRunScript(rawArgs, credentials, exec, env = process.env) {
-	if (!isRunScriptEnabled(env)) return inputErrorResult(new UserInputError("run_script is disabled. Set PRODUCTIVE_MCP_ENABLE_RUN=true to enable it."));
+async function handleRunScript(rawArgs, credentials, exec, env = process.env, deps = {}) {
+	const runner = resolveRunnerConfig(env);
+	if (!runner.url && !isRunScriptEnabled(env)) return inputErrorResult(new UserInputError("run_script is disabled. Set PRODUCTIVE_MCP_ENABLE_RUN=true (or PRODUCTIVE_MCP_RUN_RUNNER_URL to delegate to a runner) to enable it."));
 	if (typeof rawArgs.code !== "string" || rawArgs.code.trim() === "") return inputErrorResult(new UserInputError("code is required and must be a non-empty string.", [
 		"Provide a JavaScript/TypeScript script in the \"code\" parameter.",
 		"Available globals: productive(resource, action, params), api.read/write, output.*, args, flags.",
 		"Return a value to surface it as the result; use output.json(...) for additional data."
 	]));
+	if (runner.url) return runScriptRemote({
+		code: rawArgs.code,
+		args: normalizeArgs(rawArgs.args),
+		flags: normalizeFlags(rawArgs.flags),
+		dry_run: rawArgs.dry_run === true,
+		credentials
+	}, runner, deps.fetch);
 	const limits = resolveRunLimits(env);
 	const codeBytes = Buffer.byteLength(rawArgs.code, "utf8");
 	if (codeBytes > limits.maxCodeBytes) return inputErrorResult(new UserInputError(`Script is too large (${codeBytes} bytes, max ${limits.maxCodeBytes}).`));
@@ -42298,6 +42373,6 @@ async function executeToolWithCredentials(name, args, credentials) {
 	}
 }
 //#endregion
-export { handleSchemaOverview as C, handleDeals as E, handleServices as S, handlePeople as T, union as _, boolean as a, handleTasks as b, intersection as c, number as d, object as f, string as g, record as h, array as i, literal as l, preprocess as m, _enum as n, custom as o, optional as p, _null as r, discriminatedUnion as s, executeToolWithCredentials as t, looseObject as u, unknown as v, handleProjects as w, handleSummaries as x, datetime as y };
+export { handleSummaries as C, handlePeople as D, handleProjects as E, handleDeals as O, handleTasks as S, handleSchemaOverview as T, record as _, _null as a, unknown as b, custom as c, literal as d, looseObject as f, preprocess as g, optional as h, _enum as i, discriminatedUnion as l, object as m, resolveRunnerConfig as n, array as o, number as p, runnerTokenMatches as r, boolean as s, executeToolWithCredentials as t, intersection as u, string as v, handleServices as w, datetime as x, union as y };
 
-//# sourceMappingURL=handlers-BEeOjytC.js.map
+//# sourceMappingURL=handlers-Ca2x4dM8.js.map